DOCSLIB.ORG

Security Analysis of India's Electronic Voting Machines

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Analysis of India's Electronic Voting Machines To appear in Proc. 17th ACM Conference on Computer and Communications Security (CCS ’10), Oct. 2010 For more information, updates, and video of demonstration attacks, visit http://IndiaEVM.org. Security Analysis of India’s Electronic Voting Machines Hari K. Prasad∗ J. Alex Halderman† Rop Gonggrijp Scott Wolchok† Eric Wustrow† Arun Kankipati∗ Sai Krishna Sakhamuri∗ Vasavya Yagati∗ ∗ Netindia, (P) Ltd., Hyderabad † The University of Michigan Released April 29, 2010 – Revised July 29, 2010 Abstract Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines’ design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine’s design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines’ simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally. 1 Introduction India is the world’s largest democracy. In recent national elections, more votes were cast than the combined population of the United States and Canada [57], and the vast majority of voters used paperless direct- recording electronic (DRE) voting machines [25]. Though paperless DREs have been largely discredited in the academic security literature (e.g., [4, 5, 9, 10, 17, 29, 30, 38]), Indian election authorities continue to insist that the electronic voting machines used in India, widely referred to as EVMs, are fully secure. For example, the Election Commission of India, the country’s highest election authority, asserted in an August 2009 press statement: “Today, the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever” [27]. As recently as April 26, 2010, Chief Election Commissioner Navin B. Chawla was quoted in the media as saying the machines were “perfect” with no need for “technological improvement” [48]. To justify these claims, officials frequently cite the design of the EVMs, which is vastly simpler than that of most other DREs used globally, and a number of procedural safeguards. However, the details of the machines’ design have been a closely guarded secret, and, until now, they have never been subjected to a rigorous independent security review. In this paper, we analyze the security of India’s EVMs and related procedural safeguards. We show that while the machines’ simplicity makes them less susceptible to some of the threats faced by DREs studied in prior work, it also subjects them to a different set of highly dangerous attacks. We demonstrate two attacks that involve physically tampering with the EVMs’ hardware. First, we show how dishonest election 1 insiders or other criminals could alter election results by replacing parts of the machines with malicious look-alike components. Such attacks are made far simpler and cheaper by the EVMs’ minimalist design, and they could be accomplished without the involvement of any field-level poll officials. Second, we show how attackers could use portable hardware devices to extract and alter the vote records stored in the machines’ memory, allowing them to change election outcomes and violate ballot secrecy. This attack is technically straightforward because the EVMs do not use even basic cryptography to protect vote data internally. It could be carried out by local election officials without being detected by the national authorities or the EVM manufacturers’ agents. Though EVM manufacturers and election officials have attempted to keep the design of the EVMs secret, this presents only a minor obstacle for would-be attackers. There are nearly 1.4 million EVMs in use throughout the country [26], and criminals would only need access to one of them to develop working attacks. Dishonest insiders or other criminals would likely face less difficulty than we did in obtaining such access. There are many other possibilities for manipulating Indian EVMs, both with and without the involvement of dishonest election insiders. Depending on the local context and security environment, the nature and scale of potential manipulations may vary, but neither the machines’ simplicity nor their secret design keeps them safe. This study establishes that the EVMs used in India are not tamper-proof and are susceptible to a range of attacks. The use of similar paperless DREs has been discontinued in California [6], Florida [31], Ireland [33], the Netherlands [19], and Germany [8]. Indian election authorities should immediately review the security procedures now in place and should inspect all EVMs for evidence of fraud. Moving forward, India should adopt a different voting system that provides greater security and transparency. Research Contributions 1. We present the first rigorous, independent security analysis of the electronic voting system used in India and find significant security flaws that compromise the integrity of the results and the secrecy of the ballot. Indian voting machines use a vastly different design than most other DRE voting systems studied in the literature, and we describe it in greater detail than was previously available to the public. 2. We explore the role of simplicity in electronic voting security. Previous studies have focused on problems caused by software complexity and have proposed minimizing the size of the trusted computing base (TCB) as a partial remedy [53]. India’s EVMs use an extremely simple design with a small software TCB, yet we find that this makes physically tampering with the devices relatively easy. These findings underscore that the problems with DREs are due not only to complexity but also to lack of transparency. 3. We perform the first major security study of an electronic voting system used in an emerging nation. Voting systems in India must satisfy different constraints than systems used in the United States and Europe, which have been the focus of research to date. The Indian EVM manufacturers are exporting machines to other countries, including Nepal, Bhutan [47], and Bangladesh [40]. Mauritius, Malaysia, Singapore, Namibia, South Africa and Sri Lanka are reportedly considering adopting similar systems [47]. We outline some of the challenges of deploying electronic voting in an emerging nation. This provides a starting point for future research into voting system designs that meet the needs of these countries. Outline The remainder of this paper is organized as follows. In Section 2, we review how electronic voting was introduced in India, describe how EVMs are used in elections, survey reports of fraud, and describe the EVM hardware based on our examination and experiments. In Section 3, we explain a number of ways that the EVM system can be attacked in spite of—and sometimes due to—its simple design. In Section 4, we present two demonstration attacks that we developed. Section 5 discusses current procedural countermeasures and why they are ineffective or even harmful. We place our work within the context of previous electronic voting security studies in Section 6. Finally, we draw conclusions and consider the way forward in Section 7. For the latest version of this report and a video of our demonstration attacks, visit http://IndiaEVM.org. 2 Figure 1: Indian EVMs consist of a BALLOT UNIT used by voters (left) and a CONTROL UNIT operated by poll workers (right) joined by a 5-meter cable. Voters simply press the button corresponding to the candidate of their choice. We obtained access to this EVM from an anonymous source. 2 Background 2.1 Electronic Voting in India The Election Commission of India developed the country’s EVMs in partnership with two government-owned companies, the Electronics Corporation of India (ECIL) and Bharat Electronics Limited (BEL) [50, pp. 1,9]. Though these companies are owned by the Indian government, they are not under the administrative control of the Election Commission. They are profit-seeking vendors that are attempting to market EVMs globally [47]. The first Indian EVMs were developed in the early 1980s by ECIL. They were used in certain parts of the country, but were never adopted nationwide [50, p. 1]. They introduced the style of system used to this day (see Figure 1), including the separate control and ballot units and the layout of both components. These first-generation EVMs were based on Hitachi 6305 microcontrollers and used firmware stored in external UV-erasable PROMs along with 64kb EEPROMs for storing votes. Second-generation models were introduced in 2000 by both ECIL and BEL. These machines moved the firmware into the CPU and upgraded other components. They were gradually deployed in greater numbers and used nationwide beginning in 2004 [50, p. 1]. In 2006, the manufacturers adopted a third-generation design incorporating additional changes suggested by the Election Commission. 3 Figure 2: Counting Votes — The EVM records votes in its internal memory. At a public counting session, workers remove a seal on the control unit and press the RESULT I button (left) to reveal the results. The machine sequentially outputs the number of votes received by each candidate using a bank of 7-segment LEDs (right). Here, candidate number 01 has received 7 votes.
Load more

Recommended publications
  • NIST Voting Presentation
    Improving U.S. Voting Systems NIST VOTING Mary Brady Voting Program Manager NIST [email protected] Josh Franklin Lead, NIST Voting Security [email protected] ISPAB 10/25/2017 1 Improving U.S. Voting Systems Topics • VVSG 2.0 Development • VVSG Scope • VVSG Structure • VVSG: Principles and Guidelines • Requirements & Test Assertions • Cybersecurity and Elections 2 Improving U.S. Voting Systems VVSG 2.0 Development EAC Standards Board of TGDC Board Advisors NIST Director Voting Guidelines • Tap into as many experts as possible NIST PWG’s • Get continual feedback Improving U.S. Voting Systems Together…Making It Happen NIST NASED EAC FVAP IEEE Goals Military/Overseas Voters High-level, Election plain language Process principles Common Data Format Legal Requirements Common Accessibility Threads Requirements -> verified code Improving U.S. Voting Systems NIST-EAC Public Working Groups Election Groups • Developed election process models that served as the basis for use cases and the core functions • Pre-Election (103 members) • Election: (107 members) • Post-Election: (96 members) Constituency Groups • Conducted gap analyses and developed draft VVSG 2.0 Principles and Guidelines • U&A (105 members) • Cybersecurity (121 members) • Interoperability (158 members) • Testing (84 members) 5 Improving U.S. Voting Systems Election Models 6 Improving U.S. Voting Systems Reaching Consensus on VVSG Scope Election Election Process Use Case Core WGs Models Scenarios Functions Pre, • TGDC • Standards Election, • EAC/NIST Board • PWG Chairs • Board of and Post Advisors • NASED Improving U.S. Voting Systems A New VVSG Structure EAC NASED EAC VVSG NASED Input Roundtable / TGDC, SB, BoA Subgroup / Futures Group to EAC / NIST Public Adoption NIST Meetings 8 Improving U.S.
    [Show full text]
  • The New Jersey Voting-Machine Lawsuit and the AVC Advantage DRE Voting Machine
    The New Jersey Voting-machine Lawsuit and the AVC Advantage DRE Voting Machine Andrew W. Appel∗ Maia Ginsburg Harri Hursti Brian W. Kernighan Princeton University Princeton University Princeton University Christopher D. Richards Gang Tan Penny Venetis Princeton University Lehigh University Rutgers School of Law – Newark Abstract As a result of a public-interest lawsuit, by Court order we were able to study, for one month, the hardware and source code of the Sequoia AVC Advantage direct-recording electronic voting machine, which is used throughout New Jersey (and Louisiana), and the Court has permitted us to publicly describe almost everything that we were able to learn. In short, these machines are vulnerable to a wide variety of attacks on the voting process. It would not be in the slightest difficult for a moderately determined group or individual to mount a vote-stealing attack that would be successful and undetectable. 1 Litigation and legislation in New Jersey In October 2004 a group of public-interest plaintiffs, represented by Professor Penny Venetis of the Rutgers Law School, sued the State of New Jersey (in NJ Superior Court) over the State’s use of direct-recording electronic (DRE) voting machines in New Jersey. By 2004, most of New Jersey’s counties had adopted the Sequoia AVC Advantage full-face DRE. Currently 18 out of New Jersey’s 21 counties use this DRE. The plaintiffs argued that the use of DRE voting machines is illegal and unconstitutional: illegal, because they violate New Jersey election laws requiring that all votes be counted accurately and that voting machines be thoroughly tested, accurate, and reliable; and unconstitutional, because they violate the New Jersey constitution’s requirement that all votes count.1 The plaintiffs argued that one cannot trust a paperless DRE machine to count the vote.
    [Show full text]
  • Auditing Technology for Electronic Voting Machines
    CALTECH/MIT VOTING TECHNOLOGY PROJECT A multi-disciplinary, collaborative project of the California Institute of Technology – Pasadena, California 91125 and the Massachusetts Institute of Technology – Cambridge, Massachusetts 02139 AUDITING TECHNOLOGY FOR ELECTRONIC VOTING MACHINES Sharon B. Cohen MIT Key words: DRE, voting machine security, electronic voting, electronic voting machines, auditing technology VTP WORKING PAPER #46 May 2005 Auditing Technology for Electronic Voting Machines by Sharon B. Cohen Submitted to the Department of Electrical Engineering and Computer Science in Partial Fulfillment of the Requirements for the Degrees of Bachelor of Science in Computer Science and Engineering and Master of Engineering in Electrical Engineering and Computer Science at the Massachusetts Institute of Technology May 19, 2005 Copyright 2005 Sharon B. Cohen. All rights reserved. The author hereby grants to M.I.T. permission to reproduce and distribute publicly paper and electronic copies of this thesis and to grant others the right to do so. Author_________________________________________________________________ Department of Electrical Engineering and Computer Science May 19, 2005 Certified by___________________________________________________________ Ted Selker Thesis Supervisor Accepted by____________________________________________________________ Arthur C. Smith Chairman, Department Committee on Graduate Theses Auditing Technology for Electronic Voting Machines by Sharon B. Cohen Submitted to the Department of Electrical Engineering
    [Show full text]
  • Voting System Failures: a Database Solution
    B R E N N A N CENTER FOR JUSTICE voting system failures: a database solution Lawrence Norden Brennan Center for Justice at New York University School of Law about the brennan center for justice The Brennan Center for Justice at New York University School of Law is a non-partisan public policy and law institute that focuses on fundamental issues of democracy and justice. Our work ranges from voting rights to campaign finance reform, from racial justice in criminal law to presidential power in the fight against terrorism. A singular institution – part think tank, part public interest law firm, part advocacy group – the Brennan Center combines scholarship, legislative and legal advocacy, and communication to win meaningful, measurable change in the public sector. about the brennan center’s voting rights and elections project The Brennan Center promotes policies that protect rights, equal electoral access, and increased political participation on the national, state and local levels. The Voting Rights and Elections Project works to expend the franchise, to make it as simple as possible for every eligible American to vote, and to ensure that every vote cast is accurately recorded and counted. The Center’s staff provides top-flight legal and policy assistance on a broad range of election administration issues, including voter registration systems, voting technology, voter identification, statewide voter registration list maintenance, and provisional ballots. The Help America Vote Act in 2002 required states to replace antiquated voting machines with new electronic voting systems, but jurisdictions had little guidance on how to evaluate new voting technology. The Center convened four panels of experts, who conducted the first comprehensive analyses of electronic voting systems.
    [Show full text]
  • Building Reliable Voting Machine Software
    Building Reliable Voting Machine Software Ka-Ping Yee Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2007-167 http://www.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-167.html December 19, 2007 Copyright © 2007, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Acknowledgement I am grateful to many people who helped make this dissertation possible. My advisors: David Wagner, Marti Hearst. My committee members: Henry Brady, Joe Hellerstein. Advice: Steve Bellovin, Candy Lopez, Scott Luebking, Noel Runyan, Joseph Hall. Security review: Matt Bishop, Ian Goldberg, Tadayoshi Kohno, Mark Miller, Dan Sandler, Dan Wallach. Funding: National Science Foundation, through ACCURATE. Thanks also to Scott Kim, La Shana Porlaris, Lisa Friedman, and my parents. Building Reliable Voting Machine Software Ka-Ping Yee B. A. Sc. (University of Waterloo) 1998 A dissertation submitted to the Graduate Division of the University of California, Berkeley in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Committee in charge: Professor David Wagner, Co-chair Professor Marti Hearst, Co-chair Professor Henry Brady Professor Joseph Hellerstein Fall 2007 The dissertation of Ka-Ping Yee is approved.
    [Show full text]
  • Survey on End-To-End Verifiable Cryptographic Voting Systems
    International Journal of Computer Applications (0975 – 8887) Volume 100 – No.16, August 2014 Survey on End-to-End Verifiable Cryptographic Voting Systems Labeeb Ahmed Qubati Sherif Khattab Ibrahim Farag Computer Science Dept., Computer Science Dept., Computer Science Dept., Faculty Of Computer And Faculty Of Computer And Faculty Of Computer And Information, Cairo University, Information, Cairo University, Information, Cairo University, Egypt Egypt Egypt ABSTRACT system (whether the voting system achieves the whole Electronic voting refers to the using of computers or characteristics or a part of them). The electoral process passes computerized voting equipments to cast ballots in the election. in three basic stages, the first stage is the registration stage, The e-voting has been developed for more than 20 years. In when the preparation of electoral is done, the second stage is the electronic voting, there are three stages: the registration the voting stage when the voters cast their votes, and finally stage, the voting stage, and the tally stage. Verifiable the tallying stage when the votes are compiled and counted cryptographic voting systems use encryption technology to then announce the results. The e-voting system can be secure electorate’s votes and to avoid coerce them to vote for represent in two subsystems, the first one includes the any particular candidate or to buy their votes, and any another registration stage and the second one includes the other two threats. This research aims to obtain an electronic voting stages. system could be used easily in the third world countries. In There are many electronic voting systems classified in several this research ten of existing cryptography verifiable voting ways, for example, HAVA classification which voting systems have been studied, and especially focused on End-to- systems are classified into four categories one of the four End verifiable voting systems, which is considered as the categories is E2E cryptographic-based, which is consider as newest class of voting systems.
    [Show full text]
  • Buying Or Leasing of Election Machines by COMELEC
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Quimba, Francis Mark A. Working Paper Buying or Leasing of Election Machines by COMELEC PIDS Discussion Paper Series, No. 2013-42 Provided in Cooperation with: Philippine Institute for Development Studies (PIDS), Philippines Suggested Citation: Quimba, Francis Mark A. (2013) : Buying or Leasing of Election Machines by COMELEC, PIDS Discussion Paper Series, No. 2013-42, Philippine Institute for Development Studies (PIDS), Makati City This Version is available at: http://hdl.handle.net/10419/126950 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte. may exercise further usage rights as specified in the indicated licence. www.econstor.eu Philippine Institute for Development Studies Surian sa mga Pag-aaral Pangkaunlaran ng Pilipinas Buying or Leasing of Election Machines by COMELEC Francis Mark A.
    [Show full text]
  • Smartmatic - Wikipedia
    03/12/2020 Smartmatic - Wikipedia Smartmatic The neutrality of this article is disputed. Learn more Smartmatic (also referred as Smartmatic Corp. or Smartmatic International) is a multinational company that specialises in building and implementing electronic voting systems. The company also produces smart cities solutions (including public safety and public transportation), identity management systems for civil registration and authentication products for government applications. Smartmatic Type Privately held Industry Technology, Electronic voting Founded 2000 Headquarters London, United Kingdom[1], multinational Key people Antonio Mugica, CEO Peter V. Neffenger, Chairman Revenue $250 million[2] (2014) Number of employees 600[3] Website www.smartmatic.com History Founding … In 1997,[4] three engineers, Antonio Mugica, Alfredo José Anzola and Roger Piñate[5], began collaborating in a group while working at Panagroup Corp. in Caracas, Venezuela.[6][7][8][9][10][11] Following the 2000 United States presidential election and its hanging chad controversy in Florida, the group proposed to dedicate a system toward electoral functions.[10][12] Smartmatic was officially incorporated on 11 April 2000 in Delaware by Alfredo José Anzola.[13][14][15] Smartmatic then https://en.m.wikipedia.org/wiki/Smartmatic 1/28 03/12/2020 Smartmatic - Wikipedia established its headquarters in Boca Raton, Florida with seven employees.[8][9] After receiving funds from private investors,[8] the company then began to expand. Expansion … Smartmatic was a little-known
    [Show full text]
  • Building Reliable Voting Machine Software
    Building Reliable Voting Machine Software Ka-Ping Yee B. A. Sc. (University of Waterloo) 1998 A dissertation submitted to the Graduate Division of the University of California, Berkeley in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Committee in charge: Professor David Wagner, Co-chair Professor Marti Hearst, Co-chair Professor Henry Brady Professor Joseph Hellerstein Fall 2007 The dissertation of Ka-Ping Yee is approved. Professor David Wagner (Co-chair) Date Professor Marti Hearst (Co-chair) Date Professor Henry Brady Date Professor Joseph Hellerstein Date University of California, Berkeley Fall 2007 Building Reliable Voting Machine Software Copyright © 2007 Ka-Ping Yee Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, version 1.2 or any later version published by the Free Software Foundation, with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the appendix entitled GNU Free Documentation License. Abstract Building Reliable Voting Machine Software Ka-Ping Yee Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Co-chair Professor Marti Hearst, Co-chair I examine the question of how to design election-related software, with particular attention to the threat of insider attacks, and propose the goal of simplifying the software in electronic voting machines. I apply a technique called prerendering to reduce the security-critical, voting-specific software by a factor of 10 to 100 while supporting similar or better usability and accessibility, compared to today’s voting machines.
    [Show full text]
  • Voting Technology for Language Minorities MAY 2004 by Angela Arboleda, Civil Rights Policy Analyst
    NNATIONALCLR COUNCIL OF LA RAZA Voting Technology for Language Minorities MAY 2004 By Angela Arboleda, Civil Rights Policy Analyst ■ There are new developments in the case of Latino1 voting and technology. For many years, NCLR, the Latino community, and other language minority groups have been patiently waiting for technology that responds to the needs of limited-English-proficient citizens. The Help America Vote Act (HAVA), P.L. 107-252, was enacted in October 2002. For the first time, thanks to technological advances, we have the potential to fully empower language minority voters, those with sight impairments, and people with limited literacy levels, while at the same time reducing the burden on both language minorities and elected officials. The use of Direct Recording Electronic (DRE) voting machines is an effective approach to fulfilling HAVA’s mandates, thus empowering citizens to exercise their constitutional right to vote. ■ DREs have the inherent capacity to allow language minorities, people with disabilities, and those with limited literacy skills the opportunity to vote independently and privately. For the first time language minority voters will not have to rely on interpreters – who often are not available – or be forced to compare a translated sample ballot to the actual ballot. Voters with sight impairments will be able to vote independently instead of relying on a pollworker or caregiver to read and mark the ballot. And research shows that people with low literacy skills are more likely to be able to operate a DRE voting machine, thanks to its didactic nature. In Orange County, California, for instance, voters using electronic machines can vote in Chinese, English, Korean, Spanish, and Vietnamese, or use headsets to listen to the ballot read in those languages.
    [Show full text]
  • Risk Assessment of Danaher Controls DRE Electronic
    Voter Verification of Accurate Ballot Tabulation http://www.seventy.org/electioninfo/DREReceipts2004.html Philadelphia City Commissioners Office Report on Proposed "Ballot Receipts" Risk Assessment of Danaher Controls DRE Electronic Voting System and Philadelphia Procedures Prepared by: Bob Lee, Voter Registration Administrator March 28,2001; Revised – March 9, 2004 A. Receipt Proposal There numerous news articles about a small number of individuals who assert that existing Direct Recording Electronic (DRE) voting systems are not reliable because they lack a paper ballot or paper audit trail to verify each voter's individual ballot selections. These individuals have suggested that DRE voting systems should provide a printed receipt of voter selections that each voter can view either before, or after, executing and recording their ballot. The proponents assert that a system that provides receipts would provide the following security advantages over current DRE systems: 1. It would allow a voter to view a printed record of all of their candidate selections to ensure that the DRE device is accurately recording their ballot selections. 2. The ballot receipts could be used after an election to provide a paper audit trail to conduct a recount to verify the electronic results reported by the voting device. These individuals claim that computerized systems require these receipts because a person intent on corrupting the voting process, or programming errors, could result in a DRE device indicating to the voter that it was accurately recording the voter's selections, while actually altering the selections and recording votes for candidates not selected. A superficial glance by a layperson might find the receipt suggestion attractive and based upon reasonable concerns.
    [Show full text]
  • Trust but Verify: Increasing Voter Confidence in Election Results
    TRUST BUT x VERIFY INCREASING VOTER CONFIDENCE IN ELECTION RESULTS STAFF REPORT 2007 TENNESSEE ADVISORY COMMISSION ON INTERGOVERNMENTAL RELATIONS www.state.tn.us/tacir TACIR Publication Policy Staff Information Reports, Staff Briefs, Staff Technical Reports and Staff Working Papers and TACIR Fast Facts are issued to promote the mission and objectives of the Commission. These reports are intended to share information and research findings relevant to important public policy issues in an attempt to promote wider understanding. Only reports clearly labeled as “Commission Reports” represent the official position of the Commission. Others are informational. The Tennessee Advisory Commission on Intergovernmental Relations 226 Capitol Boulevard Building z Suite 508 z Nashville, Tennessee 37243 Phone: 615.741.3012 z Fax: 615.532.2443 E-mail: [email protected] z Website: www.state.tn.us/tacir Trust But Verify Increasing Voter Confidence In Election Results Prepared by: Harry A. Green, Ph.D. Executive Director Rose Naccarato, Ph.D. Senior Research Associate Author, Project Management Reem Abdelrazek, M.P.A. Research Associate Other Contributing Staff: Teresa Gibson Web Development & Publications Manager Ken Belliveau, M.C.P, A.I.C.P. Cliff Lippard, M.P.A. Catherine Corley, M.A. Daniel Merchant, M.S. Kerri Courtney, M.P.A. Lynnisse Roehrick-Patrick, J.D. Leah Eldridge, J.D. Beth Swartz, Ph.D. Sallie Hussey, M.A. Libby Thurman, M.A. David Lewis, M.A. Ed Young, Ph.D. Staff Report 2007 Trust But Verify: Increasing Voter Confidence In Election Results
    [Show full text]